|This article needs additional citations for verification. (November 2008)|
Notability and origin
Most notably, the program included a function for stealing the passwords of America Online users and, according to its creator, contains the first recorded mention of the term "phishing". AOHell provided a number of other utilities which ran on top of the America Online client software. Though most of these utilities simply manipulated the AOL interface, some were powerful enough to let almost any curious party anonymously cause havoc on AOL. The first version of the program was released in 1994 by hackers known as Da Chronic, The Rizzer, and The Squirrel. Upon loading, the program played a short clip from Dr. Dre's 1993 song Nuthin' but a "G" Thang.
AOHell was the first program of its kind, but it spawned a very large number of copycats, some of which rivaled AOHell itself in quality. Fate X and HaVoK were two of its most popular successors. As time went on, code to create these programs became available to the general public on various AOL add-on sites. New programs would be developed and released regularly by the community of coders that sites like this fostered. Over a period of 10 years, more than 1000 programs would be released for various versions of AOL.
Features of AOHell
- A fake account generator which would generate a new, fully functional AOL account for the user that lasted for about a month. This generator worked by exploiting the algorithm used by credit card companies known as the Luhn algorithm to dynamically generate apparently legitimate credit card numbers. The account would not be disabled until AOL first billed it (and discovered that the credit card was invalid). The generator could also generate fake addresses and phone numbers, resembling on their surface legitimate personal information. One example of a fake account generator was a Macintosh One-click based piece of software called Fake Maker written by a user known as McDawgg within the AOL Macwarez community. This software ran in parallel with the AOL program to create fake accounts based upon generated legitimate credit card account numbers. This software ultimately released 3 versions and helped to create thousands of fake accounts before AOL weakened its ability through more expedient account verification.
- Phishing tools. The program included a "fisher" tool in 1995 that enabled hackers to steal passwords and credit card information through automated social engineering. The program would barrage random AOL users with instant messages like:
|“||Hi, this is AOL Customer Service. We're running a security check and need to verify your account. Please enter your username and password to continue.||”|
- A punter (IM-bomber), which would send an Instant Message containing HTML code to another user that would sign them off.
- A mail bomb script which would rapidly send e-mails to a user's inbox until it was full.
- A flooding script that would flood a chat room with ASCII art of an offensive nature, such as the finger or a toilet.
- An 'artificial intelligence bot', which did not really contain artificial intelligence, but had the ability to automatically respond to a message in a chatroom upon identification of keywords. (For example, a 'profane language' autoresponse was built into the program.)
- An IM manager, which provided facilities to automatically respond to or block IMs from certain users.
- A Steve Case cloak, which allowed users to pose as AOL founder Steve Case in chat rooms.
Motives and legacy
The existence of AOHell and similar software even allowed AOL to develop its own warez community. Lurking in secret chat rooms with appropriate names like 'AirZeraw', mm, cerver, 'wArEzXXX', g00dz, 'punter', 'gif', 'coldice' 'GRiP' as well as 'trade' to name a few chatrooms, AOHell created bots often referred to as 'servers' which would send out a list of warez (illegally copied software) contained in their mailbox. Simply messaging the bot with the titles of the desired software packaging would result in those packages being forwarded to one's mailbox. Since the data merely had to be copied into another user's mailbox (still resident on an AOL server), the piracy was only limited by how fast messages could be forwarded, with AOL footing all the bandwidth costs. One additional limitation included an allotted amount of email messages which could be sent per day by the particular user account. Botters were able to circumvent this limitation by signing up for a white-list account which was subject to an unknown probationary period where AOL administrators monitored the account.
The existence of software like AOHell provided a sort of parallel 'lite' version of the hacker underground that had existed for years before, based around bulletin board systems. Programs like AOHell played an important part in defining the 'script kiddie', a user who performs basic cracking using simple tools written by others, with little understanding of what they are doing. These types of programs tended to get AOL accounts shut down and so most users were on accounts they acquired illicitly either by phishing or a fake account generator as mentioned above.
In the manual, the creator of AOHell claims that he created the program because the AOL administrators would frequently shut down hacker and warez chatrooms for violation of AOL's terms of service while refusing to shut down the pedophilia chat rooms which regularly traded child pornography. Da Chronic claimed when he confronted AOL's TOSAdvisor about it, he was met with an account deletion. His goal was:
|“||[To have] 20,000+ idiots using AOHell to knock people offline, steal passwords and credit card information, and to basically annoy the hell out of everyone.||”|
The program was last compatible with AOL version 2.5.
- Simson L. Garfinkel (1995-04-21). "AOHell". The Boston Globe. (scan)
- Wallace Wang (2003-01-01). "AOHell". Steal This Computer Book 3. No Starch Press. p. 297. ISBN 1-59327-000-3.